Honeypots
![Page 1: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/1.jpg)
HONEYPOTS
PRESENTED BY,
SARANYA.S S7 CSE
![Page 2: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/2.jpg)
CONTENTS
Introduction
What are Honey pots?
Classification
Honeyd
Honeynet
Advantages of honeypot
Disadvantages of honeypot
Conclusion
![Page 3: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/3.jpg)
INTRODUCTION
The internet is growing very fast.
New attacks every day
The more you know about your enemy, the better you can protect
yourself.
The main goal of a honeypot is to gather as much information as
possible.
![Page 4: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/4.jpg)
WHAT ARE HONEYPOTS?
Honeypot is an exciting new technology with enormous
potential for the security community.
According to Lance Spitzner, founder of honeypot project: “A
honeypot is an information system resource whose value lies
in unauthorized or illicit use of that resource.”
Used for monitoring, detecting and analyzing attacks
![Page 5: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/5.jpg)
CLASSIFICATION
• By level of interaction: High, Low
• By implementation: Physical, Virtual
• By purpose: Production, Research
![Page 6: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/6.jpg)
High interaction
Simulates all aspects of the OS: real systems.
Can be compromised completely, higher risk.
More Information
Eg:- Honeynet
Architecture of high interaction honeypots
![Page 7: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/7.jpg)
Low interaction
Simulates some aspects of the system
Easy to deploy, minimal risk
Limited Information
Eg:- Honeyd
Architecture of low interaction honeypots
![Page 8: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/8.jpg)
Physical Honeypots
Real machines
Own IP Addresses
Often high-interaction
![Page 9: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/9.jpg)
Virtual Honeypots
Simulated by other machines that:
• Respond to the network traffic sent to the honeypots
• May simulate a lot of (different) virtual honeypots at the same
time
![Page 10: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/10.jpg)
Production Honeypots
Help to mitigate risk in your organizations
3 categories:
1. Prevention
• Keeping the bad guys out
• Mechanisms such as encryption prevent attackers from
accessing critical information.
![Page 11: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/11.jpg)
Contd…
2. Detection
• Detecting the attacker when he breaks in.
• Challenges: False positive, False negative
3. Response
• Can easily be pulled offline
![Page 12: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/12.jpg)
Research Honeypots
Capture extensive information
Used primarily by research, military and government organizations.
Used:
• To capture automated threats, such as autorooters
• To capture unknown tools or techniques
• To better understand attackers' motives
![Page 13: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/13.jpg)
HONEYD
Open source software released under GNU General Public
License.
Able to simulate a big network on a single host.
Provides simple functionality.
![Page 14: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/14.jpg)
A Honeyd config file
```
create windows
set windows personality "Windows NT 4.0 Server SP5-SP6"
set windows default tcp action reset
set windows default udp action reset
add windows tcp port 80 "perl scripts/iis-0.95/iisemul8.pl"
add windows tcp port 139 open
add windows tcp port 137 open
add windows udp port 137 open
add windows udp port 135 open
set windows uptime 3284460
bind 192.168.1.201 windows
```
![Page 15: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/15.jpg)
How Honeyd Works?
![Page 16: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/16.jpg)
Overview of honeyd architecture
[Figure: honeyd architecture diagram with the labels Network, Routing, Packet dispatcher, ICMP / TCP / UDP, Services, Configuration, Personality engine, Lookup]
• Packet dispatcher
• Configuration database
• Protocol handlers
• Router
• Personality engine
![Page 17: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/17.jpg)
HONEYNET
High interaction honeypots
Two or more honeypots on a network form a honeynet.
It is basically an architecture, an entire network of computers
designed to be attacked.
The key to the honeynet architecture is “Honey wall”.
![Page 18: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/18.jpg)
ARCHITECTURE OF HONEYNET
![Page 19: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/19.jpg)
Gen 1
![Page 20: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/20.jpg)
Gen 2
![Page 21: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/21.jpg)
Advantages of Honeypots
Collect small data sets of high value
Reduced false positives
Cost effective
Simplicity
Minimal resources
![Page 22: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/22.jpg)
Disadvantages of Honeypots
Limited view
Risk
Fingerprinting
![Page 23: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/23.jpg)
CONCLUSION
Effective tool for observing hacker movements as well as preparing
the system for future attacks.
Flexible tool with different applications to security
Primary value in detection and information gathering.
![Page 24: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/24.jpg)
REFERENCES
• R. R. Patel and C. S. Thaker, “Zero-day attack signatures detection using honey-pot,” International Conference on Computer Communication and Networks CSI-COMNET-2011, vol. 1, no. 1, pp. 4–27, 2011.
• Lance Spitzner. To build a honeypot. http://www.spitzner.net/honeypot.html
• http://www.tracking-hackers.com/papers/honeypots.html
• The Honeynet Project, “Know Your Enemy: Statistics,” available online: http://honeynet.org/papers/stats
• http://www.honeynet.org
• http://project.honeypot.org
![Page 25: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/25.jpg)
QUESTIONS…….
![Page 26: Honeypots](https://reader034.fdocuments.net/reader034/viewer/2022052619/5562bfacd8b42a595e8b4f5d/html5/thumbnails/26.jpg)
THANK YOU